HIPAA Mobile Device Policy

Why You Need Policies to Ensure Compliance with HIPAA

The importance of a HIPAA mobile device policy cannot be underestimated. Research has shown more than 80% of medical professionals use a personal mobile device to access or communicate protected health information (PHI) and, prior to new regulations being enacted in the Health Insurance Portability and Accountability Act (HIPAA), the risk of PHI being compromised was substantial when personal laptops, tablets and smartphones were lost or stolen, or when staff failed to take appropriate levels of care with their messaging actions – for example sending messages containing PHI to the wrong number.

Secure messaging platforms have been introduced by many healthcare organizations to combat the threat of confidential patient data being compromised; but a breach of PHI is still possible if medical professionals, business associates and other third party service providers are not informed of organizations´ policies to ensure compliance with HIPAA. Consequently, we have produced a white paper – “The Top 8 Secure Messaging Policy Best Practices” – which you are invited to download and read, and which contains details of the best practices that should be included in a HIPAA mobile device policy.

How Messaging Platforms Ensure the Integrity of PHI in Transit

Secure messaging platforms ensure the integrity of PHI in transit by encrypting all information sent through the platform. Technical safeguards make it impossible for messages to be copied and pasted, saved to an external hard drive, or forwarded beyond the boundaries of the network, and authentication controls verify log-ins to guard against unauthorized access to PHI.

When PHI is accessed or transmitted, administrative controls on the secure messaging platform generate audit reports for compliance purposes, so that system administrators can monitor the content of the messages and use features such as remote wipe or message recall to remove any risk to the integrity of PHI or any user that has failed to comply with the organization´s HIPAA mobile device policy.

A HIPAA mobile device policy is the final stage of a healthcare organization´s compliance with the HIPAA regulations, after a secure messaging platform has been selected and implemented. Secure messaging platforms enable safe access to encrypted PHI via a secure messaging app, which authorized personnel can use from a desktop computer or personal mobile device.

Once an authorized user has authenticated their identity using a unique username and password, they can communicate PHI or view encrypted PHI through the secure platform. The authorized user can then upload new protected healthcare information (charts, images, documents etc), compose secure messages and send them to other authorized users.

Recipients receive a notification text on their secure messaging app linking to the message containing PHI and, after authenticating their identities, they can read the message, reply to it or share any attachments with other authorized users – facilitating collaboration on a patient´s healthcare in a secure and cost-effective manner.

The secure messaging platform has administrative controls to monitor activity between authorized users communicating PHI on a mobile device, and produces audit logs to accelerate administrator´s risk management analysis and ensure that organizational policies to ensure compliance with HIPAA are being adhered to.

The Benefits of Communicating PHI on a Mobile Device

In a healthcare environment, secure messaging apps can accelerate physician consults, patient diagnoses, the delivery of lab results, and the administration of treatment – streamlining workflows, increasing productivity and enhancing the level of healthcare received by patients. Features included on secure messaging apps include:

Delivery notifications and read receipts, so that authorized users communicating PHI on a mobile device do not have to engage in phone tag to see if a message has been received

A “search by name” facility when secure messaging apps are integrated into a corporate directory to help eliminate the risk of messaging errors often seen with encrypted email

The ability to assign message lifespans in order that messages contain PHI delete automatically after a pre-determined period of time

Accessibility settings which can be used to remote wipe a mobile device if it is stolen or lost, recall a message if it is sent to the wrong person and remove a user from the secure network if he or she fails to adhere to policies to ensure compliance with HIPAA

Furthermore, case studies have shown that being able to securely communicate PHI on a mobile device enhances doctor-nurse communications, enables home health staff to stay in the field for longer, improves appointment scheduling accuracy and reduces the time it takes to fill prescriptions. In one study at the El Rio Community Health Center Tucson, Arizona, staff efficiency increased by 22% after a secure message platform was implemented.

TigerText´s Secure Messaging App

TigerText´s secure messaging app has been developed with end-user functionality specifically in mind, so that medical professionals will quickly adapt to using the app´s text-like interface and not revert to using alternative, unsecure methods of communicating PHI on a mobile device – especially in an emergency or critical care situation.

The TigerText app works across all operating systems – so that medical professionals can receive PHI on the go with secure messaging, irrespective of the type of mobile device they are using – resends delivery notifications via alternate channels of communication if a Wi-Fi or 3G service is unavailable, and organizes secure messages from multiple sources into one convenient easy-to-access menu when authorized users need to exchange PHI with more than one medical facility.

The app also has a “Do Not Disturb” feature which works in a similar way to “Out of Office” email messages, and which can be customized so that when a medical professional is unavailable or off-call, colleagues wishing to message them will be re-directed to alternate points of contact or courses of action.

Developing a HIPAA Mobile Device Policy

In order to guide authorized users on the most appropriate way to use the secure messaging app, healthcare organizations must develop policies to ensure compliance with HIPAA – these policies also apply to business associates and third party service providers for the healthcare organization.

Best practice policies should clearly establish guidelines for communicating PHI on a mobile device and the sanctions that apply if an authorized user should go outside of those guidelines. To assist with the development of a HIPAA mobile device policy we have produced a white paper – “The Top 8 Secure Messaging Policy Best Practices” – which outlines the best practices for staff usage of secure messaging platforms, the transmission of PHI and how a HIPAA mobile device policy should be integrated with existing organizational policies.

Our white paper also reminds organizations of the requirement that a dedicated policy administrator is assigned so that authorized users have a point of contact for any questions they may have about communicating PHI on a mobile device, and that policies to ensure compliance with HIPAA are reviewed regularly and amended when necessary to account for changes in working practices, new technology and revised security legislation. H2: Speak with TigerText about Policies to Ensure Compliance with HIPAA

To date, TigerText´s secure messaging platform has been implemented in more than 4,000 medical facilities and over 150 messages each month are sent via TigerText´s secure messaging app. TigerText is the market leader in the provision of secure messaging solutions for the healthcare industry, and the first company you should talk to about securely communicating PHI on a mobile device.

If you would like to know more about TigerText´s secure messaging solution after downloading our white paper – “The Top 8 Secure Messaging Policy Best Practices” – please do not hesitate to contact us with any questions you may have about developing a HIPAA mobile device policy or to request a free demo of TigerText´s secure messaging platform in action.